JP2007322822A - Data processor, data processing method, and data processing program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To make bound data restorable and to make the data usable even when a part of the constitution of a device is changed. <P>SOLUTION: Distributed data is generated from a device ID by means of a threshold secret sharing scheme. An encrypted title key is generated by encrypting a title key with a media unique key generated from the device ID and a media key. A media ID key is generated by means of a one-way function by using the media key for each ID in a data storage/reproduction device 100. The device ID is restored from the distributed data, and the media unique key is generated from the restored device ID and the media key. The title key is obtained by decrypting the encrypted title key, and the encrypted data is generated by encrypting the data to be bound. When the bound data is used, the data to be bound is decrypted by decrypting the encrypted data with the obtained title key. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a data processing apparatus, a data processing method, and a data processing program that execute content binding processing using a plurality of IDs, and determines that data is bound even when all IDs are unavailable. The present invention relates to a possible data processing device, a data processing method, and a data processing program.

  Conventionally, distribution of content such as music data and video data via a communication network such as the Internet has been widely performed. In recent years, when the distributed content information is stored and stored in a storage medium, a device, or the like, a process called binding that makes the data unusable in other media has been performed.

  The bind process is a process required to prevent the generation of an unauthorized copy for the purpose of protecting the copyright of the content. Specifically, this can be realized by using a unique value called an ID owned by a storage medium or device (for example, Patent Documents 1-3).

  In the case of a PC environment, a single ID is created based on multiple device-specific information such as IDs in physical devices such as internal HDDs, CPUs, and motherboards, and IDs owned by software such as the OS and applications. The technique to take was taken. This created ID will be referred to as a device ID. When binding content to the PC, in a simple case, by encrypting the content using the device ID as a key, the device ID generated by the PC is not copied even if the encrypted content data is copied to another PC. Since the device ID is different from the original encrypted device ID, the encrypted content cannot be decrypted and cannot be used.

JP 2001-396998 A JP 11-110209 A JP 7-295798 A A. Shamir: “How to share a secret”, Communications of the ACM, 22, 11, pp.612-613 (1979)

  As described above, conventionally, as a method of binding data to a device, a method of encrypting and storing data with a device ID generated from a plurality of unique information in the device is known. However, with the above-described conventional technology, if any one of the internal configuration of the device (HDD, CPU, motherboard, OS, application, etc.) is changed, correct device specific information cannot be acquired and data can be used at all. There was a problem of disappearing.

  The present invention has been made in view of such problems, and even when a part of the configuration of a device is changed, data processing that can determine that data is bound and use the data is possible. An object is to provide an apparatus, a data processing method, and a data processing program.

  A data processing device according to the present invention is a data processing device that binds data, and a distributed data generation unit that generates a plurality of distributed data for the data from a device ID by a threshold secret sharing method, and a data processing device in the data processing device A media ID key generation unit that generates a media ID key from each ID given to predetermined hardware or software, and encryption in which the data is encrypted with a media unique key generated from the device ID and the media key An encrypted data generating unit that generates data; and encrypting each of the distributed data with the media ID key to generate encrypted distributed data; decrypting the encrypted distributed data with the media ID key; An encryption / decryption processing unit for generating the device ID, and the device ID is restored from the shared data by a threshold secret sharing method A device ID restoration unit, and a data acquisition unit that generates a media unique key from the restored device ID and the media key, decrypts the encrypted data using the media unique key, and acquires the data. To do. The data processing apparatus according to the present invention can handle bound data even when a part of the apparatus ID cannot be acquired.

  The shared data generation unit generates shared data corresponding to the changed device ID when the device ID is changed, and the encryption / decryption processing unit stores the shared data corresponding to the changed device ID. When it is generated, it may be configured to generate and update encrypted distributed data obtained by encrypting the distributed data with a media ID key.

  For example, the device ID may be generated by a random number in the device, embedded in the device in advance, or acquired from a server on the network.

  The data binding is performed by encrypting the entire data with a media unique key, but the data is bound by encrypting the data with a key called a title key and binding the title key to the data to be bound. It is possible to obtain the same effect as what is done.

  A history storage unit that records reading history information of the device ID may be provided, and the distributed data generation unit may determine that the device ID has changed from the reading history information stored in the history storage unit. Good.

  A data processing method according to the present invention is a data processing method for binding data, wherein a distributed data generation step of generating a plurality of distributed data for the data from a device ID by a threshold secret sharing method, Media ID key generation step for generating a media ID key from each ID given to predetermined hardware or software, and encryption in which the data is encrypted with a media unique key generated from the device ID and the media key An encrypted data generating step for generating data; encrypting each of the distributed data with the media ID key to generate encrypted distributed data; decrypting the encrypted distributed data with the media ID key; An encryption / decryption processing step to generate a threshold secret sharing method from the shared data A device ID restoring step for restoring the device ID; a data obtaining step for generating a media unique key from the restored device ID and the media key, decrypting the encrypted data with the media unique key, and obtaining the data; It is characterized by having. According to the data processing method of the present invention, bound data can be handled even when a part of the device ID cannot be acquired.

  A data processing program according to the present invention is a data processing program for binding data, and a computer generates a plurality of distributed data for the data by a threshold secret sharing method from a device ID, A media ID key generating step for generating a media ID key from each ID given to predetermined hardware or software in the data processing device; and a media unique key for generating the data from the device ID and the media key. An encrypted data generation step for generating encrypted data encrypted with a key; and each distributed data is encrypted with the media ID key to generate encrypted distributed data, and the encrypted distributed data is generated with the media ID key. An encryption / decryption processing step for generating each distributed data by decoding. A device ID restoring step for restoring the device ID from the distributed data by a threshold secret sharing method, generating a media unique key from the restored device ID and the media key, and encrypting the encrypted data with the media unique key. And a data acquisition step of acquiring data by decoding. According to the data processing program of the present invention, bound data can be handled even when a part of the device ID cannot be acquired.

  According to the present invention, data such as bound content can be used even when a part of the ID in the device cannot be acquired.

  Hereinafter, a data storage / reproduction device according to an embodiment of the present invention will be described with reference to the drawings.

[First Embodiment]
FIG. 1 is a block diagram showing a configuration example of a data storage / reproduction device 100 according to the first embodiment of the present invention. The data storage / reproduction device 100 includes a secret sharing processing unit 101, an input unit 102, a random number generation unit 103, a one-way function processing unit 104, an encryption processing unit 105, a decryption processing unit 106, and a control unit 107. , An output unit 108, a protection area 109, a data storage unit 110, and n device specific information storage units 111 to 11n.

  The device unique information storage units 111 to 11n hold values ID1 to IDn unique to the device called device unique information. ID1 to IDn are, for example, IDs of physical devices such as HDDs, CPUs, and motherboards in the PC, and software such as OS and applications if the device 100 is configured by a personal computer (PC). ID.

  The protected area 109 is a storage unit whose access is restricted by tamper-proof processing or the like, and stores a media key Km. On the other hand, the data storage unit 110 is a storage unit that is not restricted in access, and stores various data such as encrypted data.

  FIG. 2 is a schematic diagram showing an overview of the initial setting process executed by the data storage / reproduction device 100 according to the first embodiment. FIG. 3 is a flowchart illustrating an example of the initial setting process. In the initial setting process, the data storage / playback device 100 generates and stores the title key Kt (steps S101 to S105), the device unique information IDi (1 ≦ i ≦ n) registration process (steps S106 to S110), and Execute.

  Here, the title key Kt is a key used when data such as contents to be stored and reproduced is encrypted. First, the title key generation / storage process (steps S101 to S105) for generating and storing the title key Kt will be described. In the title key generation / storage process, the random number generation unit 103 randomly generates a device ID (step S101). Next, the one-way function processing unit 104 acquires the media key Km from the protection area 109 (step S102), and uses the media key Km and the device by a predetermined one-way function (for example, HMAC: Keyed Hashing for Message Authentication Code). A media unique key Kmu is generated from the ID (step S103). Further, the random number generation unit 103 randomly generates the title key Kt (step S104). Then, the encryption processing unit 105 generates an encrypted title key Enc (Kmu, Kt) obtained by encrypting the title key Kt with the media unique key Kmu, and stores it in the data storage unit 110 (step S105).

  Next, the registration process (steps S106 to S110) of the device unique information IDi (1 ≦ i ≦ n) will be described. In this registration process, the secret sharing processing unit 101 distributes the device ID to the distributed data Si (1 ≦ i ≦ n) by the (k, n) threshold secret sharing method (step S106). Here, the “(k, n) threshold secret sharing method” means that the original secret information can be recovered if k pieces of data among n pieces of distributed data are gathered. This is a distribution method in which secret information is not known at all (for example, Shamir's Secret Sharing: see Non-Patent Document 1).

  Next, the one-way function processing unit 104 acquires the device unique information IDi (1 ≦ i ≦ n) from the device unique information storage unit 11i (1 ≦ i ≦ n) (step S107), and predetermined one direction. A media ID key Kmi (1 ≦ i ≦ n) is generated from the media key Km and each device unique information IDi (1 ≦ i ≦ n) by a sex function (for example, HMAC) (step S108). Then, the encryption processing unit 105 encrypts each distributed data Si (1 ≦ i ≦ n) with each media ID key Kmi (1 ≦ i ≦ n) (step S109), and encrypts the distributed data Enc (Kmi). , Si) (1 ≦ i ≦ n) is stored in the data storage unit 110 (step S110).

  FIG. 4 is a schematic diagram showing an outline of data storage processing executed by the data storage / reproduction device 100 according to the first embodiment. FIG. 5 is a flowchart illustrating an example of data storage processing. In the data storage process, the data storage / playback apparatus 100 performs the title key Kt acquisition process (steps S201 to S209) and the storage target data encryption process (steps S210 to S211).

  First, the title key Kt acquisition process (steps S201 to S209) will be described. In the title key Kt acquisition process, the one-way function processing unit 104 acquires the device unique information IDi (1 ≦ i ≦ k) from the device unique information storage unit 11i (1 ≦ i ≦ n) (step S201). The media key Km is acquired from the protected area 109 (step S202). Next, the one-way function processing unit 104 uses a predetermined one-way function (for example, HMAC) to determine the media ID key Kmi (1 ≦ i ≦ k) from the media key Km and each device specific information IDi (1 ≦ i ≦ k). Are respectively generated (step S203).

  Here, for the sake of simplicity, the device unique information is IDi (1 ≦ i ≦ k), but any number of device unique information IDi (1 ≦ i ≦ n) may be used. Next, the decryption processing unit 106 acquires the encrypted distributed data Enc (Kmi, Si) (1 ≦ i ≦ k) from the data storage unit 110 (step S204), and the media ID key Kmi (1 ≦ i ≦ k). To obtain distributed data Si (1 ≦ i ≦ k) (step S205).

  Next, the secret sharing processing unit 101 restores the device ID from the shared data Si (1 ≦ i ≦ k) by the (k, n) threshold secret sharing method (step S206). Further, the one-way function processing unit 104 calculates a media unique key Kmu from the media key Km and the device ID using a predetermined one-way function (for example, HMAC) (step S207). Then, the decryption processing unit 106 acquires the encrypted title key Enc (Kmu, Kt) from the data storage unit 110 (step S208), decrypts it with the media unique key Kmu, and acquires the title key Kt (step S209).

  Next, the encryption process (steps S210 to S211) of the storage target data will be described. In this encryption process, the encryption processing unit 105 acquires the storage target data Data from the input unit 102, and generates encrypted data Enc (Kt, Data) obtained by encrypting the storage target data Data with the title key Kt ( Step S210). Then, the encryption processing unit 105 stores the encrypted data Enc (Kt, Data) in the data storage unit 110 (step S211).

  FIG. 6 is a flowchart illustrating an example of the data reproduction process. In the data reproduction process, a title key Kt acquisition process (steps S301 to S309) and a reproduction target encrypted data decryption process (steps S310 to S311) are executed. The title key Kt acquisition process (steps S301 to S309) is the same as the above-described title key Kt acquisition process (steps S201 to S209), and thus description thereof is omitted, and only the decryption process of the reproduction target encrypted data is performed. explain.

  In the decryption process of the reproduction target encrypted data, the decryption processing unit 106 acquires the reproduction target encrypted data Enc (Kt, Data) from the data storage unit 110, and uses the title key Kt for the encrypted data Enc (Kt, Data). Decoding is performed (step S310). Then, the decryption processing unit 106 outputs the decrypted data Data to the output unit 108 (step S311).

  Next, a process for updating the registered title key Kt in the first embodiment will be described. 7 and 8 are schematic diagrams showing an outline of the update process of the registered title key Kt by the data storage / playback apparatus 100. FIG. FIG. 9 is a flowchart illustrating an example of a process for updating the registered title key Kt.

  It is assumed that the title key Kt has already been registered by the initial setting process described above. In the update process of the registered title key Kt, the data storage / playback apparatus 100 restores the apparatus ID shown in FIG. 7 (steps S701 to S706) and re-registers the title key Kt shown in FIG. 8 (steps S707 to S707). S709) is executed.

  First, apparatus ID restoration processing (steps S701 to S706) will be described. In the restoration process, the unidirectional function processing unit 104 acquires the device unique information IDi (1 ≦ i ≦ k) from the device unique information storage unit 11 i (1 ≦ i ≦ k) (step S 701), and from the protection area 109. The media key Km is acquired (step S702). Next, the one-way function processing unit 104 determines a media ID key Kmi (1 ≦ i ≦ k) from the media key Km and each device specific information IDi (1 ≦ i ≦ k) by a predetermined one-way function (for example, HMAC). ) Are respectively generated (step S703). Here, for the sake of simplicity, the device unique information is set to Kmi (1 ≦ i ≦ k), but any number of device unique information IDi (1 ≦ i ≦ n) may be used.

  Next, the decryption processing unit 106 acquires the encrypted distributed data Enc (Kmi, Si) (1 ≦ i ≦ k) from the data storage unit 110 (step S704), and the media ID key Kmi (1 ≦ i ≦ k). To obtain distributed data Si (1 ≦ i ≦ k) (step S705). Then, the secret sharing processing unit 101 restores the device ID from the shared data Si (1 ≦ i ≦ k) by the (k, n) threshold secret sharing method (step S706).

  Next, the re-registration process (steps S707 to S709) of the title key Kt will be described. In the re-registration process, the random number generation unit 101 randomly generates the title key Kt ′ (step S707). Next, the one-way function processing unit 104 calculates a media unique key Kmu from the media key Km and the device ID using a predetermined one-way function (for example, HMAC) (step S708). Then, the encryption processing unit 105 encrypts the title key Kt ′ with the media unique key Kmu, and stores the encrypted title key Enc (Kmu, Kt ′) in the data storage unit 110 (step S709). If the data Enc (Kt, Data) encrypted with the title key Kt before update is used after updating to the title key Kt ′, the encrypted data Enc (Kt, Data) is used as the title before update. After decryption with the key Kt, it is necessary to re-encrypt with the updated title key Kt ′.

Next, the update process of the registered device unique information IDi (1 ≦ i ≦ n) will be described.
7 and 10 are schematic diagrams illustrating an outline of the update process of the registered device specific information IDi (1 ≦ i ≦ n) executed by the data storage / reproduction device 100 according to the present embodiment. FIG. 11 is a flowchart illustrating an example of an update process for registered device unique information IDi (1 ≦ i ≦ n). It is assumed that the device unique information IDi (1 ≦ i ≦ n) has already been registered by the initial setting process described above. In the update process of the registered device unique information IDi (1 ≦ i ≦ n), the data storage / reproduction device 100 performs the device ID restoration process (steps S801 to S806) as shown in FIG. Device registration information IDi (1 ≦ i ≦ n) re-registration processing (steps S807 to S811).

  The device ID restoration processing (steps S801 to S806) is the same as the device ID restoration processing (steps S701 to S706) described above, and thus the description thereof is omitted, and the device unique information IDi (1 ≦ i ≦ n) is restored. Only the registration process will be described.

  In the re-registration process, the secret sharing processing unit 101 distributes the device ID to the distributed data Si ′ (1 ≦ i ≦ n) by the (k, n) threshold secret sharing method (step S807). Next, the one-way function processing unit 104 acquires the device unique information IDi ′ (1 ≦ i ≦ n) from the device unique information storage unit 11i (1 ≦ i ≦ n) (step S808). Next, the one-way function processing unit 104 determines the media ID key Kmi ′ (1 ≦ i) from the media key Km and each device specific information IDi ′ (1 ≦ i ≦ n) using a predetermined one-way function (for example, HMAC). ≦ n) is generated (step S809). Then, the encryption processing unit 105 encrypts each distributed data Si ′ (1 ≦ i ≦ n) with each media ID key Kmi ′ (1 ≦ i ≦ n) (step S810), and encrypts the distributed data. Enc (Kmi ′, Si ′) (1 ≦ i ≦ n) is stored in the data storage unit 110 (step S811).

  In addition, in each acquisition of device unique information IDi ′ (1 ≦ i ≦ n) from the device unique information storage unit 11i (1 ≦ i ≦ n) (step S808), only updated device unique information is obtained and updated. For the device-specific information that has not been obtained, a value that has already been acquired may be used.

[Second Embodiment]
Next, a second embodiment of the present invention will be described. The second embodiment is a modification of the first embodiment described above, and is an example in which the media key Km is not used for protecting the distributed data Si (1 ≦ i ≦ n). For this reason, the process is simpler than the first embodiment described above. An example of the configuration of the data storage / reproduction device in the second embodiment is the same as that of the data storage / reproduction device 100 shown in FIG. 1 described above.

  FIG. 12 is a schematic diagram illustrating an overview of an initial setting process executed by the data storage / reproduction device 100 according to the second embodiment. FIG. 13 is a flowchart illustrating an example of the initial setting process. In the initial setting process, the data storage / playback apparatus 100 generates a title key Kt and stores the title key generation storage process (steps S401 to S405) and the registration process of the device unique information IDi (1 ≦ i ≦ n) (step S406). To S410). Here, the title key Kt is a key for encrypting data to be stored and reproduced.

  First, the title key generation / storage process (steps S401 to S405) will be described. In the title key generation / storage process, the random number generation unit 101 randomly generates a device ID (step S401). Next, the one-way function processing unit 104 acquires the media key Km from the protection area 109 (step S402), and the media unique key Kmu from the media key Km and the device ID using a predetermined one-way function (for example, HMAC). Is generated (step S403). Furthermore, the random number generation unit 101 randomly generates a title key Kt (step S404). Then, the encryption processing unit 105 stores the encrypted title key Enc (Kmu, kt) obtained by encrypting the title key Kt with the media unique key Kmu in the data storage unit 110 (step S405).

  Next, the registration process (steps S406 to S410) of the device unique information IDi (1 ≦ i ≦ n) will be described. In the registration process, the secret sharing processing unit 101 distributes the device ID to the distributed data Si (1 ≦ i ≦ n) by the (k, n) threshold secret sharing method (step S406).

  Next, the unidirectional function processing unit 104 acquires the device unique information IDi (1 ≦ i ≦ n) from the device unique information storage unit 11i (1 ≦ i ≦ n) (step S407), and predetermined one direction. A media ID key Kmi (1 ≦ i ≦ n) is generated from each device unique information IDi (1 ≦ i ≦ n) by a sex function (for example, SHA: Secure Hash Algorithm) (step S408). Then, the encryption processing unit 105 encrypts each distributed data Si (1 ≦ i ≦ n) with each media ID key Kmi (1 ≦ i ≦ n) (step S409), and encrypts the distributed data Enc (Kmi). , Si) (1 ≦ i ≦ n) is stored in the data storage unit 110 (step S410).

  FIG. 14 is a schematic diagram showing an outline of data storage processing of the data storage / reproduction device 100 according to the second embodiment. FIG. 15 is a flowchart illustrating an example of the data storage process. In the data storage process, the data storage / playback apparatus 100 performs the title key Kt acquisition process (steps S501 to S509) and the storage target data encryption process (steps S510 to S511).

  First, the title key Kt acquisition process (steps S501 to S509) will be described. In the acquisition process, the unidirectional function processing unit 104 acquires the device unique information IDi (1 ≦ i ≦ k) from the device unique information storage unit 11i (1 ≦ i ≦ k) (step S501), and predetermined one direction. A media ID key Kmi (1 ≦ i ≦ k) is generated from each device unique information IDi (1 ≦ i ≦ k) by a sex function (for example, SHA) (step S502). Here, for the sake of simplicity, the device unique information is IDi (1 ≦ i ≦ k). However, any number of device unique information IDi (1 ≦ i ≦ n) may be used.

  Next, the decryption processing unit 106 acquires the encrypted distributed data Enc (Kmi, Si) (1 ≦ i ≦ k) from the data storage unit 110 (step S503), and the media ID key Kmi (1 ≦ i ≦ k). To obtain distributed data Si (1 ≦ i ≦ k) (step S504). Then, the secret sharing processing unit 101 restores the device ID from the distributed data Si (1 ≦ i ≦ k) by the (k, n) threshold secret sharing method (step S505).

  Further, the one-way function processing unit 104 acquires the media key Km from the protected area 109 (step S506), and obtains the media unique key Kmu from the media key Km and the device ID using a predetermined one-way function (for example, HMAC). Generate (step S507). Then, the decryption processing unit 106 acquires the encrypted title key Enc (Kmu, Kt) from the data storage unit 110 (step S508), decrypts it with the media unique key Kmu, and acquires the title key Kt (step S509).

  Next, the encryption process (steps S510 to S511) of the storage target data will be described. In the encryption process, the encryption processing unit 105 acquires the storage target data Data from the input unit 102, and encrypts the storage target data Data with the title key Kt (step S510). Next, the encryption processing unit 105 stores the encrypted data Enc (Kt, Data) in the data storage unit 110 (step S511).

  FIG. 16 is a flowchart illustrating an example of data storage processing. In the data storage process, the data storage / playback apparatus 100 executes a title key Kt acquisition process (steps S601 to S609) and a playback target encrypted data decryption process (steps S610 to S611). Since the title key Kt acquisition process (steps S601 to S609) is the same as the title key Kt acquisition process (steps S501 to S509) described above, the description thereof will be omitted, and only the decryption process of the reproduction target encrypted data will be described. To do.

  In the decryption process of the reproduction target encrypted data, the decryption processing unit 106 acquires the reproduction target encrypted data Enc (Kt, Data) from the data storage unit 110, and uses the title key Kt for the encrypted data Enc (Kt, Data). Decoding is performed (step S610). Next, the decryption processing unit 106 outputs the decrypted data Data to the output unit 108 (step S611).

  Next, the update process of the title key Kt registered in the present embodiment will be described.

  FIG. 17 and FIG. 18 are schematic diagrams showing an outline of a registered title key Kt update process executed by the data storage / playback apparatus 100 of the present embodiment. FIG. 18 is a flowchart illustrating an example of a process for updating the registered title key Kt. It is assumed that the title key Kt has already been registered by the initial setting process described above. In the update processing of the registered title key Kt, the data storage / reproduction device 100 performs the device ID restoration processing (steps S901 to S905) as shown in FIG. 17 and the title key Kt re-registration processing as shown in FIG. (Steps S906 to S909) are executed.

  First, device ID restoration processing (steps S901 to S905) will be described. In the restoration process, the one-way function processing unit 104 acquires the device unique information IDi (1 ≦ i ≦ k) from the device unique information storage unit 11i (1 ≦ i ≦ k), respectively (step S901). A media ID key Kmi (1 ≦ i ≦ k) is generated from each device unique information IDi (1 ≦ i ≦ k) by a direction function (for example, SHA) (step S902). Here, for the sake of simplicity, the device unique information is IDi (1 ≦ i ≦ k), but any number of device unique information IDi (1 ≦ i ≦ n) may be used.

  Next, the decryption processing unit 106 acquires the encrypted distributed data Enc (Kmi, Si) (1 ≦ i ≦ k) from the data storage unit 110 (step S903), and the media ID key Kmi (1 ≦ i ≦ k). To obtain distributed data Si (1 ≦ i ≦ k) (step S904). Then, the secret sharing processing unit 101 restores the device ID from the shared data Si (1 ≦ i ≦ k) by the (k, n) threshold secret sharing method (step S905).

  Next, the re-registration process (steps S906 to S909) of the title key Kt will be described. In the re-registration process, the random number generation unit 101 randomly generates the title key Kt ′ (step S906). Next, the one-way function processing unit 104 acquires the media key Km from the protected area 109 (step S907). Further, the one-way function processing unit 104 generates a media unique key Kmu from the media key Km and the device ID using a predetermined one-way function (for example, HMAC) (step S908). Then, the encryption processing unit 105 encrypts the title key Kt ′ with the media unique key Kmu, and stores the encrypted title key Enc (Kmu, Kt ′) in the data storage unit 110 (step S909). If the data Enc (Kt, Data) encrypted with the title key Kt before update is used after updating to the title key Kt ′, the encrypted data Enc (Kt, Data) is used as the title before update. After decryption with the key Kt, it is necessary to re-encrypt with the updated title key Kt ′.

Next, the update process of the registered device unique information IDi (1 ≦ i ≦ n) will be described.
FIG. 17 and FIG. 19 are schematic diagrams showing an outline of the update process of the registered device specific information IDi (1 ≦ i ≦ n) of the data storage / reproduction device 100 of this embodiment. FIG. 20 is a flowchart illustrating an example of update processing of registered device unique information IDi (1 ≦ i ≦ n). It is assumed that the device unique information IDi (1 ≦ i ≦ n) has already been registered by the initial setting process described above. In the update process of the registered device unique information IDi (1 ≦ i ≦ n), the device ID restoration process (steps S1001 to S1005) as shown in FIG. 17 and the device unique information IDi (1) as shown in FIG. ≦ i ≦ n) re-registration processing (steps S1006 to S1010) is executed. The device ID restoration processing (steps S1001 to S1005) is the same as the device ID restoration processing (steps S901 to S905) described above, and thus the description thereof will be omitted, and the device unique information IDi (1 ≦ i ≦ n) will be restored. Only the registration process will be described.

  In the re-registration process, the secret sharing processing unit 101 distributes the device ID to the distributed data Si ′ (1 ≦ i ≦ n) by the (k, n) threshold secret sharing method (step S1006). Next, the one-way function processing unit 104 acquires the device unique information IDi ′ (1 ≦ i ≦ n) from the device unique information storage unit 11i (1 ≦ i ≦ n), respectively (step S1007). A media ID key Kmi ′ (1 ≦ i ≦ n) is generated from each device unique information IDi ′ (1 ≦ i ≦ n) by a direction function (for example, SHA) (step S1008). Then, the encryption processing unit 105 encrypts each distributed data Si ′ (1 ≦ i ≦ n) with each media ID key Kmi ′ (1 ≦ i ≦ n) (step S1009), and encrypts the distributed data. Emc (Kmi ′, Si ′) (1 ≦ i ≦ n) is stored in the data storage unit 110 (step S1010).

  Note that only the updated device specific information is acquired and updated in each of the device specific information IDi ′ (1 ≦ i ≦ n) is acquired from the device specific information storage unit 11i (1 ≦ i ≦ n) (step S1007). For the device-specific information that has not been obtained, a value that has already been acquired may be used.

  As described above, a data processing apparatus (data storage / reproduction apparatus 100) that binds data, generates distributed data from a randomly generated apparatus ID by a threshold secret sharing method, and uses a randomly generated title key as an apparatus ID. And an encrypted title key encrypted with a media unique key generated from the media key and a media key for each ID given to predetermined hardware or software in the data storage / playback device 100. A media ID key is generated by a direction function, a device ID is restored from the distributed data, a media unique key is generated from the restored device ID and the media key, and the encrypted title key is decrypted with the media unique key. When obtaining the title key and binding the data, bind the data with the obtained title key. When the encrypted data is generated and the bound data is used, the encrypted data is decrypted with the obtained title key and the data to be bound is decrypted. Even when a part of the ID in the device 100 cannot be acquired, data such as bound content can be used.

  Although not specifically mentioned in the above-described embodiment, each unit constituting the data storage / reproducing apparatus 100 executes each process described above according to a data processing program installed in the apparatus 100.

  Further, although the secret sharing method in the above-described embodiment is the Shamir formula, other formulas may be used.

  In the above-described embodiment, a predetermined ID such as a device ID and a predetermined key such as a title key Kt are randomly generated using random numbers. For example, a random number is randomly selected from a plurality of candidates prepared in advance. For example, a random number may be randomly generated without using a random number. Further, instead of generating at random, it may be generated according to a predetermined rule.

  Although not particularly mentioned in the above-described embodiment, various data such as music data, image data, moving image data, and document data can be considered as data to be bound. The content data may be bound directly, but for example, a title key Kt used for encrypting the content data may be bound.

1 is a block diagram showing a configuration example of a data storage / reproduction device according to a first embodiment of the present invention. Schematic which shows the outline | summary of an initial setting process. The flowchart which shows the example of an initialization process. Schematic which shows the outline | summary of a data storage process. The flowchart which shows the example of a data storage process. The flowchart which shows the example of a data reproduction process. Schematic which shows the outline | summary of the update process of the registered title key Kt. Schematic which shows the outline | summary of the update process of the registered title key Kt. The flowchart which shows the example of the update process of the registered title key Kt. Schematic which shows the outline | summary of the update process of the registered apparatus specific information. The flowchart which shows the example of the update process of the registered apparatus specific information. Schematic which shows the outline | summary of an initial setting process. The flowchart which shows the example of an initialization process. Schematic which shows the outline | summary of the data storage process of the data storage / reproducing apparatus 100 which concerns on the 2nd Embodiment of this invention. The flowchart which shows the example of a data storage process. The flowchart which shows the example of a data storage process. Schematic which shows the outline | summary of the update process of the registered title key. The flowchart which shows the example of the update process of the registered title key. Schematic which shows the outline | summary of the update process of the registered apparatus specific information. The flowchart which shows the example of the update process of the registered apparatus specific information.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 100 ... Data storage / reproducing apparatus, 101 ... Secret sharing process part, 102 ... Input part, 103 ... Random number generation part, 104 ... Unidirectional function process part, 105 ... Encryption process part, 106 ... Decryption process part, 107 ... Control part , 108 ... output unit, 109 ... protected area, 110 ... data storage unit, 111 to 11n ... device specific information storage unit

Claims (5)

A data processing device for binding data,
A distributed data generation unit that generates a plurality of distributed data for the data from a device ID by a threshold secret sharing method;
A media ID key generating unit that generates a media ID key from each ID given to predetermined hardware or software in the data processing device;
An encrypted data generation unit that generates encrypted data obtained by encrypting the data with a media unique key generated from the device ID and a media key;
An encryption / decryption processing unit that encrypts each shared data with the media ID key to generate encrypted shared data, and decrypts the encrypted distributed data with the media ID key to generate each shared data;
A device ID restoration unit for restoring the device ID from the shared data by a threshold secret sharing method;
A data processing device comprising: a data acquisition unit that generates a media unique key from the restored device ID and a media key, decrypts the encrypted data with the media unique key, and acquires data. The data processing apparatus according to claim 1, wherein
The distributed data generation unit generates distributed data corresponding to the changed device ID when the device ID is changed,
When the shared data corresponding to the changed device ID is generated, the encryption / decryption processing unit generates and updates encrypted distributed data obtained by encrypting the generated distributed data with a media ID key. Characteristic data processing device. A data processing apparatus according to claim 2, wherein
A history storage unit for storing reading history information of the device ID;
The distributed data generation unit determines that a device ID has been changed from the read history information stored in the history storage unit. A data processing method for binding data,
A distributed data generation step of generating a plurality of distributed data for the data from a device ID by a threshold secret sharing method;
A media ID key generating step for generating a media ID key from each ID given to predetermined hardware or software in the data processing device;
An encrypted data generation step of generating encrypted data obtained by encrypting the data with a media unique key generated from the device ID and a media key;
An encryption / decryption processing step of encrypting each of the distributed data with the media ID key to generate encrypted distributed data, and decrypting the encrypted distributed data with the media ID key to generate each of the distributed data;
A device ID restoring step of restoring the device ID from the shared data by a threshold secret sharing method;
A data processing method comprising: a data acquisition step of generating a media unique key from the restored device ID and the media key, decrypting the encrypted data with the media unique key, and acquiring the data. A data processing program for binding data,
On the computer,
A distributed data generation step of generating a plurality of distributed data for the data from a device ID by a threshold secret sharing method;
A media ID key generating step for generating a media ID key from each ID given to predetermined hardware or software in the data processing device;
An encrypted data generation step of generating encrypted data obtained by encrypting the data with a media unique key generated from the device ID and a media key;
An encryption / decryption processing step of encrypting each of the distributed data with the media ID key to generate encrypted distributed data, and decrypting the encrypted distributed data with the media ID key to generate each of the distributed data;
A device ID restoring step of restoring the device ID from the shared data by a threshold secret sharing method;
A data processing program for executing a data acquisition step of generating a media unique key from a restored device ID and a media key, decrypting encrypted data with the media unique key, and acquiring data.

Images